Re: Extracting from PKCS8ShroudedKeyBag

Asger Henriksen Fri, 26 Jan 2001 03:55:35 -0800
Dr S N Henson wrote:
> 
> Asger Henriksen wrote:
> >
> > Hi,
> >
> > I am trying to convert a keyfile/certificate pair for a webserver from
> > webstar (mac) format to basic textmode base64 encoded files.
> >
> > I need the private key in a seperate file.
> >
> > Running
> >
> > openssl asn1parse -inform DER -in privkey
> >     0:d=0  hl=4 l= 704 cons: SEQUENCE
> >     4:d=1  hl=2 l=  11 prim: OBJECT            :pkcs8ShroudedKeyBag
> >    17:d=1  hl=4 l= 685 cons: cont [ 0 ]
> >    21:d=2  hl=4 l= 681 cons: SEQUENCE
> >    25:d=3  hl=2 l=  35 cons: SEQUENCE
> >    27:d=4  hl=2 l=   9 prim: OBJECT            :pbeWithSHA1AndDES-CBC
> >    38:d=4  hl=2 l=  22 cons: SEQUENCE
> >    40:d=5  hl=2 l=  16 prim: OCTET STRING
> >    58:d=5  hl=2 l=   2 prim: INTEGER           :0400
> >    62:d=3  hl=4 l= 640 prim: OCTET STRING
> >   706:d=1  hl=2 l=   0 cons: SET
> >
> > gives this output, and I logically assumed that
> >
> > openssl pkcs8 -inform DER -in privkey -out key.pem -v1 PBE-SHA1-DES
> >
> 
> The v1 part wont do anything when decrypting a key. The command
> automatically works out the encryption used.
> 
> > would extract the key into key.pem.
> > but openssl complains with:
> >
> > Error reading key
> > 30734:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an
> > asn1 sequence:x_algor.c:85:address=135523396 offset=0
> >
> 
> The actual format you have there isn't PKCS#8. However it does contain a
> PKCS#8 EcnryptedPrivateKey structure which you can extract using
> asn1parse. Try:
> 
> openssl asn1parse -in privkey -strparse 21 -out p8key.der
> openssl pkcs8 -in p8key.der -inform DER
> 
> and you may have more luck.

Thank you, that seemed to do the trick.

/Asger



> 
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

-- 
E N T E R P R I S E   I N T E R A C T I V E
Aarhusgade 108E, 3.
DK-2100 Copenhagen
Phone: +45 35 25 32 00
Mail: [EMAIL PROTECTED]
www.e-i.dk

Not using Cashcow yet? www.cashcow.dk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: Extracting from PKCS8ShroudedKeyBag

Reply via email to
